[141819] in North American Network Operators' Group
Re: Question about migrating to IPv6 with multiple upstreams.
daemon@ATHENA.MIT.EDU (Seth Mos)
Sun Jun 12 02:42:06 2011
From: Seth Mos <seth.mos@dds.nl>
In-Reply-To: <5346c432-e1a2-4319-8592-6305b2e215b1@zimbra.network1.net>
Date: Sun, 12 Jun 2011 08:41:54 +0200
To: NANOG <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Op 12 jun 2011, om 03:50 heeft Randy Carpenter het volgende geschreven:
>=20
> I have an interesting situation at a business that I am working on. We =
currently have the office set up with redundant connections for their =
mission critical servers and such, and also have a (cheap) cable modem =
for general browsing on client machines.
So basically policy routing?
> The interesting part is that the client machines need to access some =
customer networks via the main redundant network, so we have a firewall =
set up to route those connections via the redundant connections, and =
everything else via the cheaper, faster cable modem. NAT is used on both =
outbound connections.
Yep that sounds like policy routing.
> With IPv6, we are having some trouble coming up with a way to do this. =
Since there is no NAT, does anyone have any ideas as to how this could =
be accomplished?
Sure there is NAT, you can use prefix translation to translate your =
Global Address Range from the redundant ISP to the Cable ISP Global =
address range when leaving that interface. I've run a similar setup with =
3 independent ISPs with IPv6 netblocks.
Whichever connection the traffic went out it got the right GUA mapped =
onto it. Note that this is 1:1 NAT and not N:1.
In my case there was no primary GUA range, I used a ULA on the LAN side =
of things, and mapped the corresponding GUA onto it when leaving the =
network. I had 3 rules, 1 for each WAN and mapped the ULA/56 to the =
GUA/56.
In your case you already have a primary connection of sorts, so I'd =
suggest using that on the LAN side and only map the other GUA onto it =
when it leaves the other interfaces.
The policy routing rules on your firewall can make all the routing =
decissions for you.
If you search google for "IPv6 network prefix translation" there will be =
a firewall listed that can do this somewhere in the middle of the page.
Cheers,
Seth=
